Cookie Policy

header-bg

Privacy Policy

 


Policy Summary

Personal Data collected for the following purposes and using the following services:

Analytics

Google Analytics
Personal Data: Cookies and Usage Data

Contacting the User

Contact form
Personal Data: email address, first name and last name

Mailing list or newsletter
Personal Data: country, email address, first name and last name

Managing contacts and sending messages

Campaign Monitor
Personal Data: email address

Registration and authentication

Direct registration
Personal Data: country, email address, first name and last name

Contact Information

Owner and Data Controller

Sandoz International GmbH
Owner contact email: emea.ebusiness@sandoz.com

Data Protection Officer

Data Protection Officer contact email: datenschutz@novartis.com


Full Policy

This Privacy Notice stipulates how We, Sandoz International GmbH (“Sandoz”, “We”), Industriestraße 25, 83607 Holzkirchen, Germany, process Personal Data about You as a user of www.apex-prostate.com (“You”). You are receiving this Privacy Notice because Sandoz is processing information about You which constitutes “Personal Data” and Sandoz considers the protection of Your Personal Data and privacy a very important matter. Sandoz is responsible for the processing of Your Personal Data as it decides why and how it is processed, thereby acting as the “Controller”.

This Privacy Notice is addressed to the following users of www.apex-prostate.com:

  • the healthcare professionals with whom We create or maintain a relationship;

We invite You to carefully read this Privacy Notice, which sets out in which context We are processing Your Personal Data and explains Your rights and our obligations when doing so. Should You have any further question in relation to the processing of Your Personal Data, We invite You to contact our Data Protection Officer here:  datenschutz@novartis.com.

 

1. What information do We have about You?

This information may either be directly provided by You, by our business partners (i.e. the legal entity for whom You work), by third parties like for example medical agencies or be obtained through trusted publicly available sources. We collect various types of Personal Data about You, including:

  • Your general information (i.e. first name, last name, email, password, country of residence);

 

2. For which purposes do We use Your Personal Data and why is this justified?

2.1.  Legal basis for the processing

We will not process Your Personal Data if We do not have a proper justification foreseen in the law for that purpose. Therefore, We will only process Your Personal Data if:

  • We have obtained Your prior consent, Article 6 (1) sentence 1 (a) GDPR, 
  • the processing is necessary to perform our contractual obligations towards You, Article 6 (1) sentence 1 (b) GDPR, or
  • the processing is necessary for our legitimate interests and does not unduly affect   Your interests or fundamental rights and freedoms, Article 6 (1) sentence 1 (f) GDPR.
2.2.  Purposes of the processing

We process Your Personal Data to provide our services. In particular, We process Your data for the following purposes:

  • registration and authentication
  • contacting You (e.g. by informing You about new content on the website)
  • analytics as described in this notice

 

3. Who has access to Your Personal Data and to whom are they transferred?

We will not sell, share, or otherwise transfer Your Personal Data to third parties other than those indicated in this Privacy Notice.

In the course of our activities and for the same purposes as those listed in this Privacy Notice, Your Personal Data can be accessed by or transferred to the following categories of recipients, on a need to know basis to achieve such purposes:

  • our personnel (including personnel, departments or other companies of the Novartis group);
  • our services providers that provide services and products to us
  • our IT systems providers, cloud service providers, database providers and consultants;
  • Google Analytics (please see further information below).

The above third parties are contractually obliged to protect the confidentiality and security of Your Personal Data, in compliance with applicable law.

Your Personal Data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where We are required to do so by applicable law or regulation or at their request.

The Personal Data We collect from You may also be processed, accessed or stored in a country outside the country where Sandoz is located, which may not offer the same level of protection of Personal Data.

If We transfer Your Personal Data to external companies in other jurisdictions, We will make sure to protect Your Personal Data by (i) applying the level of protection required under the local data protection/privacy laws applicable to Sandoz, (ii) acting in accordance with our policies and standards and, (iii) for Sandoz located in the European Economic Area (i.e. the EU Member States plus Iceland, Liechtenstein and Norway, the "EEA"), unless otherwise specified, only transferring Your Personal Data on the basis of standard contractual clauses approved by the European Commission. You may request additional information in relation to international transfers of Personal Data and obtain a copy of the adequate safeguard put in place by exercising Your rights as set out in Section 6 below. To provide our services, We use Google Analytics, which is a Web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). By using Google Maps, information about Your use of this Website (including Your IP address) may be stored and processed outside the European Union (including the United States). In such so-called third countries, there may not be an "adequate level of protection" for the Processing of Personal Data from the perspective of the European Union, which is equivalent to the requirements here. However, such a level of protection can be created by certain measures. This measure is provided by the so-called EU-U.S. Privacy Shield. Details of certification under the EU-U.S. Privacy Shield can be found on the U.S. government's Website: https://www.privacyshield.gov. Google may transfer the information obtained from Maps to third parties, if required by law or to the extent that third parties process this data on behalf of Google. You can deactivate the Google Maps service and thus prevent the data transfer to Google by deactivating JavaScript in Your browser. More information on the purpose and scope of the data collection and its Processing by the plug-in provider can be found in the provider’s privacy policy. There You will also find further information about Your rights as Well as settings options for the protection of Your privacy: https://policies.google.com/privacy?hl=en&gl=de. The legal basis of the Processing is art. 6 I letter (f) GDPR, due to our legitimate interest in ensuring the correct address is entered.

 

4. How do We protect Your Personal Data?

We have implemented appropriate technical and organisational measures to provide an adequate level of security and confidentiality to Your Personal Data.

These measures take into account:

  1. the state of the art of the technology;
  2. the costs of its implementation;
  3. the nature of the data; and
  4. the risk of the processing.

The purpose thereof is to protect it against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

Moreover, when handling Your Personal Data, We:

  • only collect and process Personal Data which is adequate, relevant and not excessive, as required to meet the above purposes; and
  • ensure that Your Personal Data remains up to date and accurate.

For the latter, We may request You to confirm the Personal Data We hold about You. You are also invited to spontaneously inform us whenever there is a change in Your personal circumstances so We can ensure Your Personal Data is kept up-to-date.

 

5. How long do We store Your Personal Data?

We will only retain Your Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.

Personal Data We hold in our database about You will be stored for three  years after Your last interaction with us.

 

6. What are Your rights and how can You exercise them?

You may exercise the following rights under the conditions and within the limits set forth in the law:

  • the right to access Your Personal Data as processed by us and, if You believe that any information relating to You is incorrect, obsolete or incomplete, to request its correction or updating;
  • the right to request the erasure of Your Personal Data or the restriction thereof to specific categories of processing;
  • the right to withdraw Your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
  • the right to object, in whole or in part, to the processing of Your Personal Data;
  • the right to object to the processing of Your Personal Data for direct marketing purposes and a channel of communication used for direct marketing purposes; and
  • the right to request its portability, i.e. that the Personal Data You have provided to us be returned to You or transferred to the person of Your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to Your confidentiality obligations.

If You have a question or want to exercise the above rights, You may send an email to  datenschutz@novartis.com with a scan of Your identity card for identification purpose, it being understood that We shall only use such data to verify Your identity and shall not retain the scan after completion of the verification. When sending us such a scan, please make sure to redact Your picture and national registry number or equivalent on the scan.

If You are not satisfied with how We process Your Personal Data, please send an email to datenschutz@novartis.com or a letter at Sandoz GmbH, Industriestraße 25, 83607 Holzkirchen, Germany.

In any case, You also have the right to file a complaint with the competent data protection authorities, in addition to Your rights above.

 

7. Additional State-Specific Information for United States Residents

Some states (including but not limited to California, Nevada, and Texas), have state specific rights for their residents. Click here to learn more about those state specific rights.